Friday, 30 June 2017

Here, we assume that you are using the cPanel control panel. However, you can follow some of the tips mentioned here even if your control panel is different.

Over the last couple of months, website security threats have increased dramatically. Hackers are now adopting new ways to breach security: they can write new malicious files, delete files, and edit files. Overall, they can do practically anything that could be done to a file. Generally, these attackers could install a malicious program onto your system without your knowledge.

So how do you prevent security breaches? To prevent these attempts, we can follow some simple steps.

1) Always remember to sign out or log out from any service once you finish your activities.

2) Always use a strong, long password, because a long and complex password offers a greater variety of characters, which makes the password hard to guess.

3) Do not use repeated characters in the password.

4) You must use a mix of letters, symbols, numbers, and upper and lower case letters to make the password case sensitive.

5) Never use dictionary words in any language.

6) If possible, memorize your password and try to avoid writing it down.

7) Never use one password for all the accounts.

If you experience hacking issues after following all 7 tips above, then you need to go through some other possible steps, such as:

Log in to your cPanel control panel and check whether the last login shows the IP address you used the last time you logged in. If it shows a different IP address, note it down. Since it is not yours but somebody else's IP address, it is pretty clear that someone was able to log in to your control panel, as you do, to access your website. That person has your user ID and password, with all the same access to your website that you have. He/she probably also has FTP access, which attackers are normally more likely to use than cPanel. For this reason, analyzing the access logs is the best way to identify the IP address that accessed your website.

The aim is not to track down the attacker, which is generally worthless; rather, the IP address is important because it will help you find other information about the attack. Follow the steps below to enable the log archive option in cPanel.

1) Log in to cPanel and click on the Raw Log Manager (note: the name of this feature varies between cPanel versions).

2) Analyze the Archive Logs box.

3) Make sure the option "Remove the previous month's archived logs" is unchecked.

4) Now click Save.

Enabling the log archive forces the logs of the IP addresses that connect to your website through HTTP and FTP to be saved. If you already had the archive logs option enabled, then the attack is most likely recorded, which will be very useful in tracking the hacker. If it was off, then the data is lost unless the daily stats run has not yet completed, but later similar attacks, which are most likely, will be logged.

Once you identify the attacker's IP address (or addresses), you can search all the logs for every place where that IP address appears. This will help you identify which weak part of your website was attacked, how it was attacked, and what types of malicious actions were performed.
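The search described above can be scripted once the archived logs are downloaded. This is an added example, not part of the original article; it assumes the logs use the Apache "combined" format, and the sample lines, IP addresses and paths are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" log format (assumed format of the archived raw access logs).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines: documentation-range IPs and hypothetical paths.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jun/2017:02:11:40 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [28/Jun/2017:02:12:01 +0000] "POST /admin/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [28/Jun/2017:02:12:09 +0000] "POST /admin/upload.php?dir=img HTTP/1.1" 200 64 "-" "Mozilla/5.0"
198.51.100.23 - - [28/Jun/2017:02:12:30 +0000] "GET /uploads/img/new.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Jun/2017:02:13:00 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

def requests_from(ip, lines):
    """Return the parsed entries for one client IP, in log order."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group("ip") == ip:  # exact match, so 1.2.3.4 never matches 1.2.3.40
            hits.append(m.groupdict())
    return hits

def summarize(hits):
    """Show when the address was active, what it requested and what it changed."""
    if not hits:
        return None
    return {
        "first_seen": hits[0]["ts"],
        "last_seen": hits[-1]["ts"],
        "paths": Counter(h["path"].split("?")[0] for h in hits),
        # Requests that send data to the site are where uploads and edits show up.
        "writes": [(h["ts"], h["method"], h["path"], h["status"])
                   for h in hits if h["method"] in ("POST", "PUT", "DELETE")],
    }

if __name__ == "__main__":
    report = summarize(requests_from("198.51.100.23", SAMPLE_LOG.splitlines()))
    print(report["first_seen"], "->", report["last_seen"])
    for entry in report["writes"]:
        print(entry)
```

The `writes` list is the place to start reading: files requested shortly after a successful upload or form post are the ones to inspect on disk.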

The best place to analyze this is cPanel itself: log in to cPanel >> check the logs and click the Latest Visitors icon. It will show you the list of the last visitors who accessed your website.

Once you find the attacking IP address, the next step is to block it. To block a specific IP, go to cPanel >> Security >> click on IP Deny Manager.

You also need to ensure that files and folders have the appropriate permissions. For example, the correct permissions for folders that are readable but not writable are 755, and the appropriate permissions for read-only files are 644. These are the permissions that you should mostly expect to see.
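To check a whole site against those two values, the following walks a directory tree and lists every folder that is not 755 and every file that is not 644. It is an added example, not from the original article; the function name and the `public_html` path in the usage line are assumptions.

```python
import os
import stat

DIR_MODE = 0o755   # folder permissions given in the article
FILE_MODE = 0o644  # file permissions given in the article

def audit_permissions(root):
    """Return (relative_path, found, expected, writable_by_others) per mismatch.

    writable_by_others is True when the group or world write bit is set,
    which is the case that lets another account on the server modify it.
    The root directory itself is not checked, only what is inside it.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, DIR_MODE) for d in dirnames]
        entries += [(f, FILE_MODE) for f in filenames]
        for name, expected in entries:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if mode != expected:
                loose = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
                findings.append(
                    (os.path.relpath(path, root), oct(mode), oct(expected), loose)
                )
    return sorted(findings)

if __name__ == "__main__":
    # Hypothetical document root; adjust to the account's web directory.
    for rel, found, expected, loose in audit_permissions("public_html"):
        flag = "WRITABLE BY OTHERS" if loose else "differs"
        print(f"{flag:20} {found} (expected {expected})  {rel}")
```

Entries reported with stricter modes, such as a 600 configuration file, are listed as differing but are not flagged as writable by others.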

Another thing you can do is take your website offline if the web pages have become infected with viruses. Infected pages will usually attack your website's visitors as well. So, to protect your visitors and to maintain your website's reputation, it makes more sense to take the website offline for some time until the issue is resolved. The reason for taking the website offline is this: when a visitor browses to your website and hardly notices the incident, he/she will, or at least might, come back later, but if a visitor gets attacked by a virus from your website, it will leave a strong memory of the incident, and he/she might never come back. So it would be better to keep the website offline and install the most recent version of your anti-virus software.

You can also configure a firewall, which acts as a barrier to keep hackers and viruses out of system networks. Note that a firewall stops hackers from getting in, but it will not remove any existing backdoor software from your system. For this, you need a good anti-virus product. Also, ensure that you run the anti-virus software regularly and keep it up to date.

Last but not least, change your cPanel and FTP passwords at regular intervals. Remember, security is not complete without you. So protect your information; you never know who is watching.